When you manage remote users, you essentially take one of the following positions:
Leave the default policies in place, so that you do not impede remote users in the use of their computers.
Strengthen your default security policies to provide more protection for your network, even if it restricts what remote users can do.
In most situations, the best practice is to strengthen your security policies for remote clients.
Policies may be created as shared or unshared and assigned either to groups or to locations. A shared policy is one that applies to any group and location and can be inherited. A non-shared policy is one that only applies to a specific location in a group. Typically, it is considered a best practice to create shared policies because it makes it easier to change policies in multiple groups and locations. However, when you need unique location-specific policies, you need to create them as non-shared policies or convert them to non-shared policies.